Threat profile is a very interesting concept that identifies the complete set of threats in a given application context. The Threat Analysis and Modeling (TAM) tool generates a threat profile using an inclusive methodology; in other words, it uses the...

How can I get a great and secure product without killing myself? This is not just a question for how-to diet magazines; it’s a legitimate business problem. I teach the ACE Threat Modeling class (First Wednesday of every month!), and that is the question...

In the past we have been relying on the web browser to provide/restrict the user interface for interacting with applications on the Internet. As security teams slowly work to fix the usual SQL Injection, XSS, Input validation attacks there is a whole...